The Importance of Basic, Yet Effective, Internal Controls

Last August, Northern Marine Management India, a shipping company located in Powai, a suburb of Mumbai, India, discovered that it has been the victim of a bold heist. The company kept gold coins that it used to honor employees at their retirements. Depending on their years of service, retiring employees received a gold coin weighing between 2 and 20 grams. However, the firm was shaken when it realized that about 285 of the coins, worth more than $100,000, had gone missing.

An investigation later found that over two years, an employee had stolen the coins in increments, exploiting weak oversight and nonexistent accountability systems. These high-value assets were stored in a locker, assumed to be safe due to physical security measures. Yet, no one noticed the theft until discrepancies in inventory surfaced. The stolen wealth financed the thief’s lavish lifestyle, including expensive purchases and indulgences that also went unnoticed.

The incident exemplifies how businesses often prioritize physical security while neglecting procedural safeguards. The absence of basic internal controls created a perfect storm for such prolonged and undetected fraud. This heist is not just a cautionary tale, but a wake-up call for companies to rethink their approach to asset protection.

Keep it Simple

The heart of this case is not just the stolen gold, but the absence of simple, effective internal controls that could have prevented or quickly identified the theft. Internal controls are essential for maintaining accountability, preventing fraud, and protecting an organization’s assets.

Controls don’t need to be complex to be effective. For instance, consistent record-keeping, regular audits, and oversight mechanisms act as deterrents and detection tools. A focus on these basics ensures that even trusted individuals cannot bypass the system unchecked. This is a critical lesson from the Powai heist: sophisticated security is meaningless without foundational controls.

Building Your Own Fort Knox—Lessons from the Heist:

Fort Knox is not just a symbol of security—it’s a model for layered protection. Businesses can adopt its principles to safeguard assets by implementing multiple levels of checks and balances:

• Regular Physical Verification: Conduct routine audits and surprise checks to ensure inventory matches records.
• Access Logs and Oversight: Require digital sign-ins for entry into storage areas and assign managers to review logs for anomalies.
• Asset Management Policies: Set clear guidelines for handling high-value assets, including approval requirements and purchase limits.

Like Fort Knox, an organization must build layers of security, both physical and procedural, to ensure no single weakness can be exploited.

Here are 10 basic yet effective controls businesses can use to protect their physical assets:

1. Perimeter Security: Implementing physical barriers like fences, walls, or gates can deter unauthorized access to the business premises. Coupled with controlled entry and exit points, this establishes a clear boundary of protection.
2. Access Control Systems: Utilizing locks, keys, key cards, or biometric scanners restricts entry to authorized personnel only. Different levels of access can be granted based on roles and responsibilities, ensuring sensitive areas remain secure.
3. Surveillance Systems: Installing CCTV cameras provides visual monitoring of the premises, acting as a deterrent and providing valuable evidence in case of incidents. Strategic placement ensures comprehensive coverage of vulnerable areas.
4. Lighting: Adequate lighting, especially around the perimeter and entry points, discourages intruders and enhances the effectiveness of surveillance systems. Motion-sensor lights can also draw attention to unusual activity.
5. Security Personnel: Employing security guards or patrols, even during off-hours, provides a physical presence that can deter theft and vandalism. Their training allows them to respond to security breaches effectively.
6. Visitor Management: Establishing a clear process for logging visitors, issuing visitor badges, and escorting them when necessary helps track who is on the premises and limits unauthorized movement.
7. Secure Storage: Utilizing locked cabinets, safes, or secure rooms for valuable equipment, sensitive documents, and inventory minimizes the risk of theft or damage.
8. Inventory Management: Implementing regular inventory checks and reconciliation helps identify discrepancies and potential losses early on. This can also deter internal theft.
9. Cable and Equipment Locks: Securing portable equipment like laptops and projectors with physical locks can prevent opportunistic theft. Similarly, securing cables can prevent tampering or removal.
10. Emergency Preparedness: Having well-defined procedures for responding to emergencies like fire, power outages, or natural disasters, including evacuation plans and backup systems, protects assets from damage and ensures business continuity.

The Powai gold heist is more than a financial loss; it’s a stark reminder of high cost of complacency. Strong internal controls are not optional—they are critical. By learning from this incident, businesses can protect themselves and transform their operations into modern-day Fort Knox-like fortresses.

Remember, prevention is always more cost-effective than recovery. So is your organization ready to safeguard its treasures? 

Aditya Tibrewal is a Chartered Accountant and passionate Internal Auditor, focused on driving business excellence through impactful risk management.